Importing private keys on Nitrokey HSM

Hi,

I’ve seen some similar topics, but it looks like other use cases are a bit different. I need to import a pre-generated RSA private key and certificate into Nitrokey HSM. With the certificate it goes quite smoothly, but an attempt to import a private key gives out various errors depending on what module I use:

$ pkcs11-tool --module opensc-pkcs11.so --login --pin 648219 -w /opt/pkey.pem -y privkey -d 1
   Using slot 0 with a present token (0x1)
   error: PKCS11 function C_CreateObject failed: rv = CKR_ATTRIBUTE_VALUE_INVALID (0x13)

$ pkcs11-tool --module /usr/lib/libsc-hsm-pkcs11.so --login --pin 648219 -w /opt/pkey.pem -y privkey -d 1
  Using slot 0 with a present token (0x1)
  error: PKCS11 function C_CreateObject failed: rv = CKR_TEMPLATE_INCONSISTENT (0xd1)

I’ve found a similar issue with SmartCard-HSM, but first, I’m not sure if it’s relevant to Nitrokey-HSM, and second, I haven’t found any information about how to import a key from *.p12 either.
Would be very grateful for any hints.

Thanks,
Anton Gerasimov

Hi @OYTIS,

I would say the link you provided is already the clue you need. Normally one is not supposed to import private keys but should rather create a new one within the Nitrokey HSM instead.

Yes it is relevant. The Nitrokey HSM contains a SmartCard-HSM.

I think the linked issue in the original issue (I mean the one about .p12) is not the important information here. As far as I can see you can use the SDK software of CardContact to import private keys if you really need to.

Please have a look at CardContact Developer Network - About as this seems to be the only way to manage what you want to do.

I hope it works for you!

Kind regards
Alex

Hi @nitroalex,

thank you for your support. Luckily, today this can even be done without accessing CardContact’s CDN; the newest version of the importing algorithm is in a publicly available GitHub repository. I’m now stuck with importing something other than RSA, but I think only CardContact can help me there.

Best regards,
Anton

Hi,

thanks a lot for your feedback! Good to know.

It seems you are right that it’s probably CardContact’s turn now.

Kind regards
Alex